The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the fundamental privacy principles of both the Data Protection Act and the Human Rights Act 1998, and the American Recovery and Reinvestment Act (ARRA) of February 2009, followed by April rulings by the Federal Trade Commission (FTC), establish a privacy standard for an individual's health care data. In January 2013, a new revision of HIPAA 1996, labeled the HIPAA omnibus rule, was issued with increased emphasis on privacy and on the disclosure of identifiable information, together with tougher security provisions that fall under the 2009 HITECH Act and the Genetic Information Nondiscrimination Act. Under the provisions of HIPAA, ARRA, and the FTC rulings, health information can, with few exceptions, be shared only with the express permission, advance consent, and authorization of the patient (or the patient's legal guardian, as appropriate); when such information is compromised, electronic notifications must be sent and followed up with electronic audits and a risk analysis.
By way of example, if a patient is unconscious but has provided advance authorization and consent for a licensed health care provider to securely access and view health-related and protected health information and to share it with family, next-of-kin, friends, or others involved in the patient's care, that information can be shared for the patient's care and emergency care when doing so is in the best interest of the patient.
In Florida, vehicle owners can securely store emergency contact information electronically, including the name and telephone number of at least one person, and link it to their driver's licenses (DL). If a law enforcement officer or first responder can locate a driver's license at an accident scene, they can contact the Department of Motor Vehicles to obtain emergency contact (ER-Cont) data. If no license is available and the vehicle occupants are unconscious or otherwise unable to communicate, notifying the family can be a challenge. ER-Cont information is available only to police at a crash scene in the state of Florida.
NLETS, the National Law Enforcement Telecommunications System, can interface with Department of Motor Vehicle sites across the country and obtain emergency contact information, but only if that information is linked to a vehicle identification number (VIN) and the driver has consented. However, medical data cannot be collected, stored, accessed, or shared via NLETS, which can cost critical time in gaining access to health care data such as allergies, blood type, and other medical information. Such data can save lives or improve the quality of life after a life-threatening event.
As will be addressed throughout this disclosure, attributes contain information about a subject (also known as an actor). A subject's digital ID has a limited number of identity attributes, such as address, age, title or driver's license, or inherent trait features such as eye color, gender or birthplace. A subject can also have acquired, associated attributes (lifestyle, purchasing behavior, medical or banking activities), which can change easily, whereas trait attributes most likely do not change. Once a person (subject) has been validated and authenticated with a digital ID (public key certificate) in good standing, that authenticated identity can be enhanced with attributes that originate from an Attribute Certification process, in which the subject's authentication privilege is extended to provide "certified binding attributes" such as access control, secure email, access privileges and associated relationships. As a result of the security and auditing process incorporated into Attribute Certification, there is a strong privilege management policy monitoring effort, a risk management process and a certificate revocation process. Entities, institutions, exchanges, enterprise servers and the environment (defined as "objects") can also have attributes, represented by defined characteristics and functions. Attribute certificates cannot be used to establish an identity; they are used only to extend the attributes of an already established identity. The foregoing is in concert with NIST guidelines.
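The attribute-certificate flow described above, as an added worked example that is not part of this disclosure: an attribute authority binds privileges to the fingerprint of an already authenticated public key certificate, and a relying party checks the signature, the holder binding, the validity period and a revocation list before honoring any privilege. The certificate layout, the function names (`issue_attribute_cert`, `verify_attribute_cert`, `has_privilege`), the sample certificate bytes and the use of HMAC-SHA256 in place of the asymmetric signature a real attribute authority would use are this example's own assumptions, chosen to keep it standard-library Python.

```python
import hashlib
import hmac
import json

# Constructed sample: the subject's public key certificate (PKC) is represented by
# a byte string; a real deployment would carry an X.509 certificate here.
SUBJECT_PKC = b"constructed placeholder for the subject's public key certificate"
OTHER_PKC = b"constructed placeholder for some other person's certificate"

# Assumption: the attribute authority signs with HMAC-SHA256 so the example stays
# standard-library only; a real attribute authority uses an asymmetric signature.
ATTRIBUTE_AUTHORITY_KEY = b"constructed-attribute-authority-signing-key"


def cert_fingerprint(pkc: bytes) -> str:
    """Bind the attribute certificate to the identity certificate itself, not to a name."""
    return hashlib.sha256(pkc).hexdigest()


def _canonical(body: dict) -> bytes:
    # Canonical serialization so issuer and verifier sign/verify identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_attribute_cert(holder_pkc: bytes, attributes: list, serial: int,
                         not_after: int, issuer: str = "Constructed Attribute Authority") -> dict:
    """Attribute certificate: holder fingerprint plus privileges, signed by the authority."""
    body = {
        "serial": serial,
        "issuer": issuer,
        "holder": cert_fingerprint(holder_pkc),
        "attributes": sorted(attributes),
        "not_after": not_after,  # epoch seconds
    }
    sig = hmac.new(ATTRIBUTE_AUTHORITY_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_attribute_cert(ac: dict, presented_pkc: bytes, now: int, revoked_serials: set) -> tuple:
    """Return (ok, reason). The caller must already have authenticated presented_pkc;
    the attribute certificate never establishes identity on its own."""
    body = ac["body"]
    expected = hmac.new(ATTRIBUTE_AUTHORITY_KEY, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ac["sig"]):
        return False, "bad signature"
    if body["holder"] != cert_fingerprint(presented_pkc):
        return False, "holder mismatch"
    if now > body["not_after"]:
        return False, "expired"
    if body["serial"] in revoked_serials:
        return False, "revoked"
    return True, "ok"


def has_privilege(ac: dict, presented_pkc: bytes, privilege: str, now: int, revoked_serials: set) -> bool:
    """Grant a privilege only when the certificate verifies and actually carries it."""
    ok, _ = verify_attribute_cert(ac, presented_pkc, now, revoked_serials)
    return ok and privilege in ac["body"]["attributes"]


if __name__ == "__main__":
    ac = issue_attribute_cert(SUBJECT_PKC, ["licensed_emergency_responder", "secure_email"],
                              serial=1001, not_after=2_000_000_000)
    print(verify_attribute_cert(ac, SUBJECT_PKC, now=1_700_000_000, revoked_serials=set()))
    print(has_privilege(ac, SUBJECT_PKC, "licensed_emergency_responder", 1_700_000_000, set()))
```

The verification order matters: the signature is checked before any field is trusted, so a certificate whose attribute list has been edited fails as "bad signature" rather than being rejected (or accepted) on the basis of forged contents.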
Anonymization and Pseudonymization are specific de-identification processes that fulfill the intent of HIPAA 1996 and the HIPAA omnibus rules of January 2013. Anonymization is the process that removes the identifying characteristics (as defined by HIPAA) associated with protected health/clinical information and generates a health data set that is no longer uniquely identifying. The value of this is that it allows a subject/patient to make part or a subset of their clinical data available for a range of secondary purposes without anyone having to access identifiable clinical information. Such data is made available on a need-to-know or arranged basis, and the risk of identification is greatly minimized. The activity is handled through a trusted third party who attests to the validity of the clinical information. Pseudonymization is a specialized class of Anonymization that removes the direct association between a particular set of data characteristics and the data subject and replaces it with an association to one or more pseudonyms. This is a means by which information can be linked to the same group of persons over time and across multiple data records without revealing the identity of the person or the subject data. A trusted third party plays a critical role if a re-identification event is needed in response to a major public health event. (These activities are defined in HIPAA and HITSP.)
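The anonymization and pseudonymization processes described above, as an added worked example that is not part of this disclosure: direct identifiers are stripped from constructed clinical records, a trusted third party replaces the medical record number with a keyed pseudonym so that visits by the same person still link together, and only that third party, under an authorized event, can turn a pseudonym back into an identity. The sample records, the field names, the choice to coarsen date of birth to a year and ZIP to three digits, and the class and function names (`TrustedThirdParty`, `anonymize`, `pseudonymize`, `link_by_pseudonym`) are this example's own assumptions, not a HIPAA-specified procedure.

```python
import hashlib
import hmac

# Constructed sample clinical records: direct identifiers mixed with the clinical
# fields an emergency responder would actually need.
RECORDS = [
    {"mrn": "MRN-0001", "name": "Pat Example", "phone": "555-0100", "dob": "1980-04-12",
     "zip": "33101", "visit": "2023-01-05", "allergies": "penicillin", "blood_type": "O-"},
    {"mrn": "MRN-0001", "name": "Pat Example", "phone": "555-0100", "dob": "1980-04-12",
     "zip": "33101", "visit": "2023-06-18", "allergies": "penicillin", "blood_type": "O-"},
    {"mrn": "MRN-0002", "name": "Sam Sample", "phone": "555-0199", "dob": "1975-09-30",
     "zip": "32801", "visit": "2023-03-02", "allergies": "none", "blood_type": "A+"},
]

# Assumption: the fields treated as direct identifiers for this constructed data set.
DIRECT_IDENTIFIERS = {"mrn", "name", "phone"}


def anonymize(record: dict) -> dict:
    """Drop direct identifiers and coarsen quasi-identifiers (year of birth, ZIP3)."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["birth_year"] = record["dob"][:4]
    del out["dob"]
    out["zip"] = record["zip"][:3]
    return out


class TrustedThirdParty:
    """Holds the only key and lookup table that can map a pseudonym back to an MRN."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._lookup = {}  # pseudonym -> mrn; never released with the data set

    def pseudonym(self, mrn: str) -> str:
        # Keyed hash: the same MRN always maps to the same pseudonym under this key,
        # but nobody without the key can recompute or reverse the mapping.
        p = hmac.new(self._secret, mrn.encode(), hashlib.sha256).hexdigest()[:16]
        self._lookup[p] = mrn
        return p

    def reidentify(self, pseudonym: str, authorized_event: bool) -> str:
        """Re-identification is permitted only for an authorized event, e.g. a public health emergency."""
        if not authorized_event:
            raise PermissionError("re-identification requires an authorized event")
        return self._lookup[pseudonym]


def pseudonymize(record: dict, ttp: TrustedThirdParty) -> dict:
    """Anonymize, then attach the pseudonym that keeps the person's records linkable."""
    out = anonymize(record)
    out["pseudonym"] = ttp.pseudonym(record["mrn"])
    return out


def release(records: list, ttp: TrustedThirdParty) -> list:
    return [pseudonymize(r, ttp) for r in records]


def link_by_pseudonym(released: list) -> dict:
    """Group released records by pseudonym: same person across visits, identity unknown."""
    groups = {}
    for r in released:
        groups.setdefault(r["pseudonym"], []).append(r["visit"])
    return groups


def leaks_identifier(released: list) -> bool:
    """Release-time check: no direct identifier field may survive in the output."""
    return any(k in DIRECT_IDENTIFIERS for r in released for k in r)


if __name__ == "__main__":
    ttp = TrustedThirdParty(b"constructed-ttp-secret")
    released = release(RECORDS, ttp)
    print(link_by_pseudonym(released))
    print("identifier leak:", leaks_identifier(released))
```

A plain hash of the MRN would not do here: anyone holding a list of candidate MRNs could hash them and re-identify the data set. The keyed construction and the separately held lookup table are what keep re-identification with the trusted third party alone.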
Therefore, it would be beneficial to provide a secure system and method for making both VIN and emergency medical data available on an as-needed basis to licensed emergency medical responders, so that care can be provided in a more efficient, safe, and secure fashion, provided such data can be voluntarily supplied, stored in a secure and separate non-law-enforcement repository, and linked to the NLETS secure infrastructure.